<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">

<title>class Gem::Security::Policy - rubygems: Ruby Standard Library Documentation</title>


<script src="../../js/navigation.js" defer></script>
<script src="../../js/search.js" defer></script>
<script src="../../js/search_index.js" defer></script>
<script src="../../js/searcher.js" defer></script>
<script src="../../js/darkfish.js" defer></script>

<script src="../../js/jquery-3.2.0.min.js"></script>

<script src="../../js/vue.min.js"></script>
<script src="../../js/js.cookie.min.js"></script>

<link href="../../css/fonts.css" rel="stylesheet">
<link id='rdoccss' href="../../css/rdoc.css" rel="stylesheet">
<link href="../../css/carbon17.css" rel="stylesheet">

<script type="text/javascript">
  var rdoc_rel_prefix = "../../";
  var index_rel_prefix = "../../";
  var darkModeCsseHref = "../../css/rdoc-dm.css"
  var defaultModeCssHref = "../../css/rdoc.css"
  // var cssDarkmode = Cookies.get('darkmode');
  
  if( Cookies.get("darkmode") == "true") {
	$('#rdoccss').attr("href", darkModeCsseHref);
}

//  https://cssdeck.com/blog/simple-jquery-stylesheet-switcher/

document.write('<style type="text/css">body{display:none}</style>');

</script>


</head>
<body id="top" role="document" class="class">
  <!-- this is class.html -->

  <div id='actionbar' >
    <div class='wrapper mdiv'>
      <ul class='grids g0'></ul>
    </div> 
    <!-- VERSION HEADER for 3.3.0.preview2 NOT FOUND -->
  </div> <!-- end action bar -->

  <div class='wrapper hdiv'>

    


    <nav id='vapp' role="navigation">
    <div id="project-navigation">
      <div id="home-section" role="region" title="Quick navigation" class="nav-section">
  <h2><a href="../../index.html" rel="home">Home</a></h2>

  <div id="table-of-contents-navigation"  >
    <a href="../../table_of_contents.html#pages">Pages</a>
    <a href="../../table_of_contents.html#classes">Classes</a>
    <a href="../../table_of_contents.html#methods">Methods</a>
  </div>
</div>

      <div id="search-section" role="search" class="project-section initially-hidden">
  <form action="#" method="get" accept-charset="utf-8">
    <div id="search-field-wrapper">
      <input id="search-field" role="combobox" aria-label="Search"
             aria-autocomplete="list" aria-controls="search-results"
             type="text" name="search" placeholder="Search" spellcheck="false"
             title="Type to search, Up and Down to navigate, Enter to load">
    </div>

    <ul id="search-results" aria-label="Search Results"
        aria-busy="false" aria-expanded="false"
        aria-atomic="false" class="initially-hidden"></ul>
  </form>
</div>

    </div>


    

    <button id='toggleThing' @click="toggleNav()" >Show/hide navigation</button>
    <div :class="isOpen ? 'block' : 'hidden' " id='toggleMe'>
      <div id="class-metadata">
        
        
<div id="parent-class-section" class="nav-section">
  <h3>Parent</h3>

  <p class="link">Object
</div>

        
<div id="includes-section" class="nav-section">
  <h3>Included Modules</h3>

  <ul class="link-list">
    <li><a class="include" href="../UserInteraction.html">Gem::UserInteraction</a>
  </ul>
</div>

        
        
<!-- Method Quickref -->
<div id="method-list-section" class="nav-section">
  <h3>Methods</h3>

  <ul class="link-list" role="directory">
    <li ><a href="#method-c-new">::new</a>
    <li ><a href="#method-i-check_cert">#check_cert</a>
    <li ><a href="#method-i-check_chain">#check_chain</a>
    <li ><a href="#method-i-check_data">#check_data</a>
    <li ><a href="#method-i-check_key">#check_key</a>
    <li ><a href="#method-i-check_root">#check_root</a>
    <li ><a href="#method-i-check_trust">#check_trust</a>
    <li ><a href="#method-i-verify">#verify</a>
    <li ><a href="#method-i-verify_signatures">#verify_signatures</a>
  </ul>
</div>

      </div>
     </div>
    </nav>


    <div id='extraz'><div class='adzbox-index'  >
      
     </div>         
    </div>

    <main role="main" aria-labelledby="class-Gem::Security::Policy">
    <h1 id="class-Gem::Security::Policy" class="class">
      class Gem::Security::Policy
    </h1>

    <section class="description">
    
<p>A <a href="Policy.html"><code>Gem::Security::Policy</code></a> object encapsulates the settings for verifying signed gem files.  This is the base class.  You can either declare an instance of this or use one of the preset security policies in Gem::Security::Policies.</p>

    </section>

      <section id="5Buntitled-5D" class="documentation-section">



        <section class="attribute-method-details" class="method-section">
        <header>
        <h3>Attributes</h3>
        </header>

          <div id="attribute-i-name" class="method-detail">
            <div class="method-heading attribute-method-heading">
              <span class="method-name">name</span><span
                class="attribute-access-type">[R]</span>
            </div>

            <div class="method-description">
              
              </div>
            </div>
          <div id="attribute-i-only_signed" class="method-detail">
            <div class="method-heading attribute-method-heading">
              <span class="method-name">only_signed</span><span
                class="attribute-access-type">[RW]</span>
            </div>

            <div class="method-description">
              
              </div>
            </div>
          <div id="attribute-i-only_trusted" class="method-detail">
            <div class="method-heading attribute-method-heading">
              <span class="method-name">only_trusted</span><span
                class="attribute-access-type">[RW]</span>
            </div>

            <div class="method-description">
              
              </div>
            </div>
          <div id="attribute-i-to_s" class="method-detail">
            <div class="method-heading attribute-method-heading">
              <span class="method-name">to_s</span><span
                class="attribute-access-type">[R]</span>
            </div>

            <div class="method-description">
              
              </div>
            </div>
          <div id="attribute-i-verify_chain" class="method-detail">
            <div class="method-heading attribute-method-heading">
              <span class="method-name">verify_chain</span><span
                class="attribute-access-type">[RW]</span>
            </div>

            <div class="method-description">
              
              </div>
            </div>
          <div id="attribute-i-verify_data" class="method-detail">
            <div class="method-heading attribute-method-heading">
              <span class="method-name">verify_data</span><span
                class="attribute-access-type">[RW]</span>
            </div>

            <div class="method-description">
              
              </div>
            </div>
          <div id="attribute-i-verify_root" class="method-detail">
            <div class="method-heading attribute-method-heading">
              <span class="method-name">verify_root</span><span
                class="attribute-access-type">[RW]</span>
            </div>

            <div class="method-description">
              
              </div>
            </div>
          <div id="attribute-i-verify_signer" class="method-detail">
            <div class="method-heading attribute-method-heading">
              <span class="method-name">verify_signer</span><span
                class="attribute-access-type">[RW]</span>
            </div>

            <div class="method-description">
              
              </div>
            </div>
            </section>


                <section id="public-class-5Buntitled-5D-method-details" class="method-section">
                <header>
                <h3>Public Class Methods</h3>
                </header>

                  <div id="method-c-new" class="method-detail ">
                            <div class="method-heading">
                              <span class="method-name">new</span><span
                                class="method-args">(name, policy = {}, opt = {})</span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Create a new <a href="Policy.html"><code>Gem::Security::Policy</code></a> object with the given mode and options.</p>

                              <div class="method-source-code" id="new-source">
            <pre><span class="ruby-comment"># File rubygems/security/policy.rb, line 27</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">initialize</span>(<span class="ruby-identifier">name</span>, <span class="ruby-identifier">policy</span> = {}, <span class="ruby-identifier">opt</span> = {})
  <span class="ruby-ivar">@name</span> = <span class="ruby-identifier">name</span>

  <span class="ruby-ivar">@opt</span> = <span class="ruby-identifier">opt</span>

  <span class="ruby-comment"># Default to security</span>
  <span class="ruby-ivar">@only_signed</span>   = <span class="ruby-keyword">true</span>
  <span class="ruby-ivar">@only_trusted</span>  = <span class="ruby-keyword">true</span>
  <span class="ruby-ivar">@verify_chain</span>  = <span class="ruby-keyword">true</span>
  <span class="ruby-ivar">@verify_data</span>   = <span class="ruby-keyword">true</span>
  <span class="ruby-ivar">@verify_root</span>   = <span class="ruby-keyword">true</span>
  <span class="ruby-ivar">@verify_signer</span> = <span class="ruby-keyword">true</span>

  <span class="ruby-identifier">policy</span>.<span class="ruby-identifier">each_pair</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">key</span>, <span class="ruby-identifier">val</span><span class="ruby-operator">|</span>
    <span class="ruby-keyword">case</span> <span class="ruby-identifier">key</span>
    <span class="ruby-keyword">when</span> <span class="ruby-value">:verify_data</span>   <span class="ruby-keyword">then</span> <span class="ruby-ivar">@verify_data</span>   = <span class="ruby-identifier">val</span>
    <span class="ruby-keyword">when</span> <span class="ruby-value">:verify_signer</span> <span class="ruby-keyword">then</span> <span class="ruby-ivar">@verify_signer</span> = <span class="ruby-identifier">val</span>
    <span class="ruby-keyword">when</span> <span class="ruby-value">:verify_chain</span>  <span class="ruby-keyword">then</span> <span class="ruby-ivar">@verify_chain</span>  = <span class="ruby-identifier">val</span>
    <span class="ruby-keyword">when</span> <span class="ruby-value">:verify_root</span>   <span class="ruby-keyword">then</span> <span class="ruby-ivar">@verify_root</span>   = <span class="ruby-identifier">val</span>
    <span class="ruby-keyword">when</span> <span class="ruby-value">:only_trusted</span>  <span class="ruby-keyword">then</span> <span class="ruby-ivar">@only_trusted</span>  = <span class="ruby-identifier">val</span>
    <span class="ruby-keyword">when</span> <span class="ruby-value">:only_signed</span>   <span class="ruby-keyword">then</span> <span class="ruby-ivar">@only_signed</span>   = <span class="ruby-identifier">val</span>
    <span class="ruby-keyword">end</span>
  <span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
                              </div>
                            </div>


                          </div>

                          </section>

                <section id="public-instance-5Buntitled-5D-method-details" class="method-section">
                <header>
                <h3>Public Instance Methods</h3>
                </header>

                  <div id="method-i-check_cert" class="method-detail ">
                            <div class="method-heading">
                              <span class="method-name">check_cert</span><span
                                class="method-args">(signer, issuer, time)</span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Ensures that <code>signer</code> is valid for <code>time</code> and was signed by the <code>issuer</code>. If the <code>issuer</code> is <code>nil</code> no verification is performed.</p>

                              <div class="method-source-code" id="check_cert-source">
            <pre><span class="ruby-comment"># File rubygems/security/policy.rb, line 86</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">check_cert</span>(<span class="ruby-identifier">signer</span>, <span class="ruby-identifier">issuer</span>, <span class="ruby-identifier">time</span>)
  <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-string">&quot;missing signing certificate&quot;</span> <span class="ruby-keyword">unless</span>
    <span class="ruby-identifier">signer</span>

  <span class="ruby-identifier">message</span> = <span class="ruby-node">&quot;certificate #{signer.subject}&quot;</span>

  <span class="ruby-keyword">if</span> (<span class="ruby-identifier">not_before</span> = <span class="ruby-identifier">signer</span>.<span class="ruby-identifier">not_before</span>) <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">not_before</span> <span class="ruby-operator">&gt;</span> <span class="ruby-identifier">time</span>
    <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>,
          <span class="ruby-node">&quot;#{message} not valid before #{not_before}&quot;</span>
  <span class="ruby-keyword">end</span>

  <span class="ruby-keyword">if</span> (<span class="ruby-identifier">not_after</span> = <span class="ruby-identifier">signer</span>.<span class="ruby-identifier">not_after</span>) <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">not_after</span> <span class="ruby-operator">&lt;</span> <span class="ruby-identifier">time</span>
    <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-node">&quot;#{message} not valid after #{not_after}&quot;</span>
  <span class="ruby-keyword">end</span>

  <span class="ruby-keyword">if</span> <span class="ruby-identifier">issuer</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-operator">!</span><span class="ruby-identifier">signer</span>.<span class="ruby-identifier">verify</span>(<span class="ruby-identifier">issuer</span>.<span class="ruby-identifier">public_key</span>)
    <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>,
          <span class="ruby-node">&quot;#{message} was not issued by #{issuer.subject}&quot;</span>
  <span class="ruby-keyword">end</span>

  <span class="ruby-keyword">true</span>
<span class="ruby-keyword">end</span></pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-check_chain" class="method-detail ">
                            <div class="method-heading">
                              <span class="method-name">check_chain</span><span
                                class="method-args">(chain, time)</span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Verifies each certificate in <code>chain</code> has signed the following certificate and is valid for the given <code>time</code>.</p>

                              <div class="method-source-code" id="check_chain-source">
            <pre><span class="ruby-comment"># File rubygems/security/policy.rb, line 56</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">check_chain</span>(<span class="ruby-identifier">chain</span>, <span class="ruby-identifier">time</span>)
  <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-string">&quot;missing signing chain&quot;</span> <span class="ruby-keyword">unless</span> <span class="ruby-identifier">chain</span>
  <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-string">&quot;empty signing chain&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">chain</span>.<span class="ruby-identifier">empty?</span>

  <span class="ruby-keyword">begin</span>
    <span class="ruby-identifier">chain</span>.<span class="ruby-identifier">each_cons</span> <span class="ruby-value">2</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">issuer</span>, <span class="ruby-identifier">cert</span><span class="ruby-operator">|</span>
      <span class="ruby-identifier">check_cert</span> <span class="ruby-identifier">cert</span>, <span class="ruby-identifier">issuer</span>, <span class="ruby-identifier">time</span>
    <span class="ruby-keyword">end</span>

    <span class="ruby-keyword">true</span>
  <span class="ruby-keyword">rescue</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">e</span>
    <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-node">&quot;invalid signing chain: #{e.message}&quot;</span>
  <span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-check_data" class="method-detail ">
                            <div class="method-heading">
                              <span class="method-name">check_data</span><span
                                class="method-args">(public_key, digest, signature, data)</span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Verifies that <code>data</code> matches the <code>signature</code> created by <code>public_key</code> and the <code>digest</code> algorithm.</p>

                              <div class="method-source-code" id="check_data-source">
            <pre><span class="ruby-comment"># File rubygems/security/policy.rb, line 75</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">check_data</span>(<span class="ruby-identifier">public_key</span>, <span class="ruby-identifier">digest</span>, <span class="ruby-identifier">signature</span>, <span class="ruby-identifier">data</span>)
  <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-string">&quot;invalid signature&quot;</span> <span class="ruby-keyword">unless</span>
    <span class="ruby-identifier">public_key</span>.<span class="ruby-identifier">verify</span> <span class="ruby-identifier">digest</span>, <span class="ruby-identifier">signature</span>, <span class="ruby-identifier">data</span>.<span class="ruby-identifier">digest</span>

  <span class="ruby-keyword">true</span>
<span class="ruby-keyword">end</span></pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-check_key" class="method-detail ">
                            <div class="method-heading">
                              <span class="method-name">check_key</span><span
                                class="method-args">(signer, key)</span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Ensures the public key of <code>key</code> matches the public key in <code>signer</code></p>

                              <div class="method-source-code" id="check_key-source">
            <pre><span class="ruby-comment"># File rubygems/security/policy.rb, line 112</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">check_key</span>(<span class="ruby-identifier">signer</span>, <span class="ruby-identifier">key</span>)
  <span class="ruby-keyword">unless</span> <span class="ruby-identifier">signer</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">key</span>
    <span class="ruby-keyword">return</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@only_signed</span>

    <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-string">&quot;missing key or signature&quot;</span>
  <span class="ruby-keyword">end</span>

  <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>,
    <span class="ruby-node">&quot;certificate #{signer.subject} does not match the signing key&quot;</span> <span class="ruby-keyword">unless</span>
      <span class="ruby-identifier">signer</span>.<span class="ruby-identifier">check_private_key</span>(<span class="ruby-identifier">key</span>)

  <span class="ruby-keyword">true</span>
<span class="ruby-keyword">end</span></pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-check_root" class="method-detail ">
                            <div class="method-heading">
                              <span class="method-name">check_root</span><span
                                class="method-args">(chain, time)</span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Ensures the root certificate in <code>chain</code> is self-signed and valid for <code>time</code>.</p>

                              <div class="method-source-code" id="check_root-source">
            <pre><span class="ruby-comment"># File rubygems/security/policy.rb, line 130</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">check_root</span>(<span class="ruby-identifier">chain</span>, <span class="ruby-identifier">time</span>)
  <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-string">&quot;missing signing chain&quot;</span> <span class="ruby-keyword">unless</span> <span class="ruby-identifier">chain</span>

  <span class="ruby-identifier">root</span> = <span class="ruby-identifier">chain</span>.<span class="ruby-identifier">first</span>

  <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-string">&quot;missing root certificate&quot;</span> <span class="ruby-keyword">unless</span> <span class="ruby-identifier">root</span>

  <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>,
        <span class="ruby-node">&quot;root certificate #{root.subject} is not self-signed &quot;</span> \
        <span class="ruby-node">&quot;(issuer #{root.issuer})&quot;</span> <span class="ruby-keyword">if</span>
    <span class="ruby-identifier">root</span>.<span class="ruby-identifier">issuer</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">root</span>.<span class="ruby-identifier">subject</span>

  <span class="ruby-identifier">check_cert</span> <span class="ruby-identifier">root</span>, <span class="ruby-identifier">root</span>, <span class="ruby-identifier">time</span>
<span class="ruby-keyword">end</span></pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-check_trust" class="method-detail ">
                            <div class="method-heading">
                              <span class="method-name">check_trust</span><span
                                class="method-args">(chain, digester, trust_dir)</span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Ensures the root of <code>chain</code> has a trusted certificate in <code>trust_dir</code> and the digests of the two certificates match according to <code>digester</code></p>

                              <div class="method-source-code" id="check_trust-source">
            <pre><span class="ruby-comment"># File rubygems/security/policy.rb, line 149</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">check_trust</span>(<span class="ruby-identifier">chain</span>, <span class="ruby-identifier">digester</span>, <span class="ruby-identifier">trust_dir</span>)
  <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-string">&quot;missing signing chain&quot;</span> <span class="ruby-keyword">unless</span> <span class="ruby-identifier">chain</span>

  <span class="ruby-identifier">root</span> = <span class="ruby-identifier">chain</span>.<span class="ruby-identifier">first</span>

  <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-string">&quot;missing root certificate&quot;</span> <span class="ruby-keyword">unless</span> <span class="ruby-identifier">root</span>

  <span class="ruby-identifier">path</span> = <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span>.<span class="ruby-identifier">trust_dir</span>.<span class="ruby-identifier">cert_path</span> <span class="ruby-identifier">root</span>

  <span class="ruby-keyword">unless</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">exist?</span> <span class="ruby-identifier">path</span>
    <span class="ruby-identifier">message</span> = <span class="ruby-node">&quot;root cert #{root.subject} is not trusted&quot;</span>.<span class="ruby-identifier">dup</span>

    <span class="ruby-identifier">message</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-node">&quot; (root of signing cert #{chain.last.subject})&quot;</span> <span class="ruby-keyword">if</span>
      <span class="ruby-identifier">chain</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">1</span>

    <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-identifier">message</span>
  <span class="ruby-keyword">end</span>

  <span class="ruby-identifier">save_cert</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">X509</span><span class="ruby-operator">::</span><span class="ruby-constant">Certificate</span>.<span class="ruby-identifier">new</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span> <span class="ruby-identifier">path</span>
  <span class="ruby-identifier">save_dgst</span> = <span class="ruby-identifier">digester</span>.<span class="ruby-identifier">digest</span> <span class="ruby-identifier">save_cert</span>.<span class="ruby-identifier">public_key</span>.<span class="ruby-identifier">to_pem</span>

  <span class="ruby-identifier">pkey_str</span> = <span class="ruby-identifier">root</span>.<span class="ruby-identifier">public_key</span>.<span class="ruby-identifier">to_pem</span>
  <span class="ruby-identifier">cert_dgst</span> = <span class="ruby-identifier">digester</span>.<span class="ruby-identifier">digest</span> <span class="ruby-identifier">pkey_str</span>

  <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>,
        <span class="ruby-node">&quot;trusted root certificate #{root.subject} checksum &quot;</span> \
        <span class="ruby-string">&quot;does not match signing root certificate checksum&quot;</span> <span class="ruby-keyword">unless</span>
    <span class="ruby-identifier">save_dgst</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">cert_dgst</span>

  <span class="ruby-keyword">true</span>
<span class="ruby-keyword">end</span></pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-verify" class="method-detail ">
                            <div class="method-heading">
                              <span class="method-name">verify</span><span
                                class="method-args">(chain, key = nil, digests = {}, signatures = {}, full_name = &quot;(unknown)&quot;)</span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>For <code>full_name</code>, verifies the certificate <code>chain</code> is valid, the <code>digests</code> match the signatures <code>signatures</code> created by the signer depending on the <code>policy</code> settings.</p>

<p>If <code>key</code> is given it is used to validate the signing certificate.</p>

                              <div class="method-source-code" id="verify-source">
            <pre><span class="ruby-comment"># File rubygems/security/policy.rb, line 206</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">verify</span>(<span class="ruby-identifier">chain</span>, <span class="ruby-identifier">key</span> = <span class="ruby-keyword">nil</span>, <span class="ruby-identifier">digests</span> = {}, <span class="ruby-identifier">signatures</span> = {}, <span class="ruby-identifier">full_name</span> = <span class="ruby-string">&quot;(unknown)&quot;</span>)
  <span class="ruby-keyword">if</span> <span class="ruby-identifier">signatures</span>.<span class="ruby-identifier">empty?</span>
    <span class="ruby-keyword">if</span> <span class="ruby-ivar">@only_signed</span>
      <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>,
        <span class="ruby-node">&quot;unsigned gems are not allowed by the #{name} policy&quot;</span>
    <span class="ruby-keyword">elsif</span> <span class="ruby-identifier">digests</span>.<span class="ruby-identifier">empty?</span>
      <span class="ruby-comment"># lack of signatures is irrelevant if there is nothing to check</span>
      <span class="ruby-comment"># against</span>
    <span class="ruby-keyword">else</span>
      <span class="ruby-identifier">alert_warning</span> <span class="ruby-node">&quot;#{full_name} is not signed&quot;</span>
      <span class="ruby-keyword">return</span>
    <span class="ruby-keyword">end</span>
  <span class="ruby-keyword">end</span>

  <span class="ruby-identifier">opt</span>       = <span class="ruby-ivar">@opt</span>
  <span class="ruby-identifier">digester</span>  = <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span>.<span class="ruby-identifier">create_digest</span>
  <span class="ruby-identifier">trust_dir</span> = <span class="ruby-identifier">opt</span>[<span class="ruby-value">:trust_dir</span>]
  <span class="ruby-identifier">time</span>      = <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>

  <span class="ruby-identifier">_</span>, <span class="ruby-identifier">signer_digests</span> = <span class="ruby-identifier">digests</span>.<span class="ruby-identifier">find</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">_algorithm</span>, <span class="ruby-identifier">file_digests</span><span class="ruby-operator">|</span>
    <span class="ruby-identifier">file_digests</span>.<span class="ruby-identifier">values</span>.<span class="ruby-identifier">first</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">DIGEST_NAME</span>
  <span class="ruby-keyword">end</span>

  <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verify_data</span>
    <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-string">&quot;no digests provided (probable bug)&quot;</span> <span class="ruby-keyword">if</span>
      <span class="ruby-identifier">signer_digests</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">signer_digests</span>.<span class="ruby-identifier">empty?</span>
  <span class="ruby-keyword">else</span>
    <span class="ruby-identifier">signer_digests</span> = {}
  <span class="ruby-keyword">end</span>

  <span class="ruby-identifier">signer</span> = <span class="ruby-identifier">chain</span>.<span class="ruby-identifier">last</span>

  <span class="ruby-identifier">check_key</span> <span class="ruby-identifier">signer</span>, <span class="ruby-identifier">key</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">key</span>

  <span class="ruby-identifier">check_cert</span> <span class="ruby-identifier">signer</span>, <span class="ruby-keyword">nil</span>, <span class="ruby-identifier">time</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verify_signer</span>

  <span class="ruby-identifier">check_chain</span> <span class="ruby-identifier">chain</span>, <span class="ruby-identifier">time</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verify_chain</span>

  <span class="ruby-identifier">check_root</span> <span class="ruby-identifier">chain</span>, <span class="ruby-identifier">time</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verify_root</span>

  <span class="ruby-keyword">if</span> <span class="ruby-ivar">@only_trusted</span>
    <span class="ruby-identifier">check_trust</span> <span class="ruby-identifier">chain</span>, <span class="ruby-identifier">digester</span>, <span class="ruby-identifier">trust_dir</span>
  <span class="ruby-keyword">elsif</span> <span class="ruby-identifier">signatures</span>.<span class="ruby-identifier">empty?</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">digests</span>.<span class="ruby-identifier">empty?</span>
    <span class="ruby-comment"># trust is irrelevant if there&#39;s no signatures to verify</span>
  <span class="ruby-keyword">else</span>
    <span class="ruby-identifier">alert_warning</span> <span class="ruby-node">&quot;#{subject signer} is not trusted for #{full_name}&quot;</span>
  <span class="ruby-keyword">end</span>

  <span class="ruby-identifier">signatures</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span>, <span class="ruby-identifier">_</span><span class="ruby-operator">|</span>
    <span class="ruby-identifier">digest</span> = <span class="ruby-identifier">signer_digests</span>[<span class="ruby-identifier">file</span>]

    <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-node">&quot;missing digest for #{file}&quot;</span> <span class="ruby-keyword">unless</span>
      <span class="ruby-identifier">digest</span>
  <span class="ruby-keyword">end</span>

  <span class="ruby-identifier">signer_digests</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span>, <span class="ruby-identifier">digest</span><span class="ruby-operator">|</span>
    <span class="ruby-identifier">signature</span> = <span class="ruby-identifier">signatures</span>[<span class="ruby-identifier">file</span>]

    <span class="ruby-identifier">raise</span> <span class="ruby-constant">Gem</span><span class="ruby-operator">::</span><span class="ruby-constant">Security</span><span class="ruby-operator">::</span><span class="ruby-constant">Exception</span>, <span class="ruby-node">&quot;missing signature for #{file}&quot;</span> <span class="ruby-keyword">unless</span>
      <span class="ruby-identifier">signature</span>

    <span class="ruby-identifier">check_data</span> <span class="ruby-identifier">signer</span>.<span class="ruby-identifier">public_key</span>, <span class="ruby-identifier">digester</span>, <span class="ruby-identifier">signature</span>, <span class="ruby-identifier">digest</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verify_data</span>
  <span class="ruby-keyword">end</span>

  <span class="ruby-keyword">true</span>
<span class="ruby-keyword">end</span></pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-verify_signatures" class="method-detail ">
                            <div class="method-heading">
                              <span class="method-name">verify_signatures</span><span
                                class="method-args">(spec, digests, signatures)</span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Extracts the certificate chain from the <code>spec</code> and calls <a href="Policy.html#method-i-verify"><code>verify</code></a> to ensure the signatures and certificate chain is valid according to the policy..</p>

                              <div class="method-source-code" id="verify_signatures-source">
            <pre><span class="ruby-comment"># File rubygems/security/policy.rb, line 277</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">verify_signatures</span>(<span class="ruby-identifier">spec</span>, <span class="ruby-identifier">digests</span>, <span class="ruby-identifier">signatures</span>)
  <span class="ruby-identifier">chain</span> = <span class="ruby-identifier">spec</span>.<span class="ruby-identifier">cert_chain</span>.<span class="ruby-identifier">map</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">cert_pem</span><span class="ruby-operator">|</span>
    <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">X509</span><span class="ruby-operator">::</span><span class="ruby-constant">Certificate</span>.<span class="ruby-identifier">new</span> <span class="ruby-identifier">cert_pem</span>
  <span class="ruby-keyword">end</span>

  <span class="ruby-identifier">verify</span> <span class="ruby-identifier">chain</span>, <span class="ruby-keyword">nil</span>, <span class="ruby-identifier">digests</span>, <span class="ruby-identifier">signatures</span>, <span class="ruby-identifier">spec</span>.<span class="ruby-identifier">full_name</span>

  <span class="ruby-keyword">true</span>
<span class="ruby-keyword">end</span></pre>
                              </div>
                            </div>


                          </div>

                          </section>

              </section>
              </main>



            </div>  <!--  class='wrapper hdiv' -->


<footer id="validator-badges" role="contentinfo">
<p><a href="https://validator.w3.org/check/referer">Validate</a></p>
<p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.4.0.</p>
<p>Based on <a href="https://github.com/ged/darkfish/">Darkfish</a> by <a href="http://deveiate.org">Michael Granger</a>.</p>

  
    <p><p><a href="https://ruby-doc.org">Ruby-doc.org</a> is a service of <a href="https://jamesbritt.com">James Britt</a> and <a href="https://neurogami.com">Neurogami</a>, purveyors of fine <a href='https://jamesbritt.bandcamp.com/'>dance noise</a></p>
</p>
  
  </footer>

<script type="text/javascript">


  let ads  = $("#carbonads-container").children().detach();


  function swapMode() {
    var cookieName = 'darkmode';
    var cssDarkmode = Cookies.get(cookieName);
    console.log("***** swapMode! " + cssDarkmode + " *****");


    if (cssDarkmode == "true") {
      console.log("We have dark mode, set the css to light ...");
      $('#rdoccss').attr("href", defaultModeCssHref);
      $('#cssSelect').text("Dark mode");
      cssDarkmode = "false";
      console.log("swapMode! Now set cookie to " + cssDarkmode);
      Cookies.set(cookieName, cssDarkmode);

    } else {
      console.log("We not have dark mode, set the css to dark ...");
      $('#rdoccss').attr("href", darkModeCsseHref);
      $('#cssSelect').text("Light mode");
      cssDarkmode = "true";
      console.log("swapMode! Now set cookie to " + cssDarkmode);
      Cookies.set(cookieName, cssDarkmode);

    }

    console.log("  --------------- ");
  }


const vueCssApp = new Vue({
el: '#menubar',
data: {
isDark: false
},
methods: {
toggleClass: function(event){
this.isDark = !this.isDark;
}
}
})

const vueApp = new Vue({
el: '#vapp',
data: { 
isOpen: true
},

mounted() {
this.handleResize();
this.manage_mob_classes();
window.addEventListener('resize', this.handleResize)
//this.isOpen !=  (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent));
},
destroyed() {
window.removeEventListener('resize', this.handleResize)
},
created() {
//manage_mob_classes();
},

methods : {
isMobile() {
  return (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent));
},

  handleResize() {
    if (!this.isMobile()) {
      this.isOpen = window.innerWidth > 800;
    }
  },

  manage_mob_classes() {
    if (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent)) {
      $("nav").addClass("mob_nav");
      $("main").addClass("mob_main");
      $("#extraz").addClass("mob_extraz");
      $("#carbonads-container").addClass("mob_carbonads-container");
      this.isOpen  = false;
    } else {
      $("nav").removeClass("mob_nav") 
        $("main").removeClass("mob_main");
      $("#extraz").removeClass("mob_extraz");
      $("#carbonads-container").removeClass("mob_carbonads-container");
      this.isOpen  = true;
    }
  },

  toggleNav() {
    this.isOpen =! this.isOpen ;
    // alert("Toggle nav!");
    console.log("toggleNav() click: " + this.isOpen );
  }
}
})

$("#carbonads-container").append(ads);


$(function() {

    var darkmode = Cookies.get("darkmode");
    console.log("Document ready: " + darkmode);

    if ( darkmode  == "true" ) {
      $('#cssSelect').text("Light mode");
    } else {
      $('#cssSelect').text("Dark mode");
     }

    $('body').css('display','block');
    });

</script>

    
  </body> 
</html>

